diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 42ff1d0e0f..3acd44b646 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1,6 +1,5 @@
 name: "Run build"
 on:
-  pull_request:
   workflow_dispatch:
     inputs:
       image_formats:
@@ -30,7 +29,7 @@ on:
           Custom SDK container version to use for this build.
 
 permissions:
-  pull-requests: write 
+  pull-requests: write
 
 jobs:
   packages:
@@ -40,7 +39,6 @@ jobs:
       - debian
       - build
       - x64
-    environment: main
     strategy:
       fail-fast: false
       matrix:
diff --git a/.github/workflows/pr-comment-build-dispatcher.yaml b/.github/workflows/pr-comment-build-dispatcher.yaml
index 4d334d2601..f6396973b6 100644
--- a/.github/workflows/pr-comment-build-dispatcher.yaml
+++ b/.github/workflows/pr-comment-build-dispatcher.yaml
@@ -11,18 +11,18 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  check_maintainer_membership:
+  run_pre_checks:
     # Only run if this is a PR comment that contains a valid command
-    if: |
-      ${{ github.event.issue.pull_request }} &&
-        (    contains(github.event.comment.body, '/update-sdk') || contains(github.event.comment.body, '/build-image') )
+    if: ${{ github.event.issue.pull_request }} && contains(github.event.comment.body, '/build-image')
     name: Check if commenter is in the Flatcar maintainers team
     outputs:
       maintainers: steps.step1.output.maintainers
+      sdk_changes: steps.step3.outputs.sdk_changes
     runs-on:
       - ubuntu-latest
     steps:
       - name: Fetch members of the maintainers team
+        id: step1
         env:
           requester: ${{ github.event.comment.user.login }}
         shell: bash
@@ -49,25 +49,45 @@ jobs:
 
           $res
 
+      - uses: actions/checkout@v3
+        id: step2
+        with:
+          path: scripts
+          fetch-depth: 0
+  
+      - uses: dorny/paths-filter@v2
+        id: filter
+        with:
+          working-directory: scripts
+          filters: |
+            sdk_changes:
+              - 'sdk_container/**'
+              - 'sdk_libs/**'
+
+      - name: Set outputs
+        id: step3
+        shell: bash
+        run: |
+          echo "sdk_changes=${{ steps.filter.outputs.sdk_changes }}" >> $GITHUB_OUTPUT
+
       - name: Post a link to the workflow run to the PR
+        id: step4
         uses: mshick/add-pr-comment@v2
         with:
           issue: ${{ github.event.issue.pull_request.number }}
           message: "Build action triggered: [${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})"
 
   update_sdk:
-    needs: check_maintainer_membership
-    if: ( needs.check_maintainer_membership.result == 'success'
-           && contains(github.event.comment.body, '/update-sdk') )
+    needs: run_pre_checks
+    if: needs.run_pre_checks.result == 'success' && needs.run_pre_checks.outputs.sdk_changes == 'true'
     name: "Build an updated SDK container"
     # SDK build needs access to bincache ssh secret
     secrets: inherit
     uses: ./.github/workflows/update-sdk.yaml
 
   build_image:
-    needs: [ check_maintainer_membership, update_sdk ]
-    if: ( needs.check_maintainer_membership.result == 'success'
-          && (    contains(github.event.comment.body, '/build-image') || needs.update_sdk.result == 'success' ) )
+    needs: [ run_pre_checks, update_sdk ]
+    if: (always() && ! cancelled()) && needs.run_pre_checks.result == 'success' && contains(github.event.comment.body, '/build-image')
     name: "Build the OS image"
     uses: ./.github/workflows/ci.yaml
     with:
diff --git a/.github/workflows/pr-workflows.yaml b/.github/workflows/pr-workflows.yaml
new file mode 100644
index 0000000000..6d0d32305c
--- /dev/null
+++ b/.github/workflows/pr-workflows.yaml
@@ -0,0 +1,56 @@
+name: "Run PR workflows"
+on:
+  pull_request:
+
+permissions:
+  pull-requests: write
+
+concurrency:
+  group: ${{ github.workflow }}-pr-${{ github.head_ref || github.ref_name }}
+  cancel-in-progress: true
+
+jobs:
+  check_for_sdk_changes:
+    name: "Check for SDK changes"
+    runs-on: ubuntu-latest
+    environment: development
+    outputs:
+      sdk_changes: ${{ steps.step2.outputs.sdk_changes }}
+    steps:
+      - uses: actions/checkout@v3
+        id: step1
+        with:
+          path: scripts
+          fetch-depth: 0
+
+      - uses: dorny/paths-filter@v2
+        id: filter
+        with:
+          working-directory: scripts
+          filters: |
+            sdk_changes:
+              - 'sdk_container/**'
+              - 'sdk_libs/**'
+
+      - name: Set outputs
+        id: step2
+        shell: bash
+        run: |
+          echo "sdk_changes=${{ steps.filter.outputs.sdk_changes }}" >> $GITHUB_OUTPUT
+
+  update_sdk:
+    name: "Build an updated SDK container"
+    needs: [ check_for_sdk_changes ]
+    if: needs.check_for_sdk_changes.sdk_changes == 'true'
+    # SDK build needs access to bincache ssh secret
+    secrets: inherit
+    uses: ./.github/workflows/update-sdk.yaml
+
+  build_image:
+    needs: [ update_sdk ]
+    if: (always() && ! cancelled()) && needs.update_sdk.result != 'failure'
+    name: "Build the OS image"
+    uses: ./.github/workflows/ci.yaml
+    with:
+      custom_sdk_version: ${{ needs.update_sdk.outputs.sdk_version }}
+      image_formats: qemu_uefi